| shubang | f8ab3eb | 2020-09-11 17:50:45 -0700 | [diff] [blame^] | 1 | # mediatuner - mediatuner daemon |
| 2 | type mediatuner, domain; |
| 3 | type mediatuner_exec, system_file_type, exec_type, file_type; |
| 4 | |
| 5 | typeattribute mediatuner coredomain; |
| 6 | |
| 7 | init_daemon_domain(mediatuner) |
| 8 | hal_client_domain(mediatuner, hal_tv_tuner) |
| 9 | |
| 10 | binder_use(mediatuner) |
| 11 | binder_call(mediatuner, appdomain) |
| 12 | binder_service(mediatuner) |
| 13 | |
| 14 | add_service(mediatuner, mediatuner_service) |
| 15 | allow mediatuner system_server:fd use; |
| 16 | |
| 17 | ### |
| 18 | ### neverallow rules |
| 19 | ### |
| 20 | |
| 21 | # mediatuner should never execute any executable without a |
| 22 | # domain transition |
| 23 | neverallow mediatuner { file_type fs_type }:file execute_no_trans; |
| 24 | |
| 25 | # do not allow privileged socket ioctl commands |
| 26 | neverallowxperm mediatuner domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls; |
| 27 | |